New scanner detects thousands of vulnerable Android apps

News by Rene Millman

Security researchers create new way to discover malware masquerading as mobile apps, find 30,000 malicious apps on Google Play Store.

Security researchers have claimed that over 127,000 apps contain some kind of malicious intent. The scientists managed to unearth the scale of the problem using a new technique they devised to detect malware.

Worryingly, the researchers also managed to find 30,000 malicious Android apps on the Google Play Store. This represented around seven percent of the 400,000 apps hosted on that marketplace.

The technique, dubbed MassVet, was created by researchers working at Indiana University, Penn State University and the Institute of Information Engineering at the Chinese Academy of Sciences.

According to a paper published by the researchers, instead of scanning source code, the technique compares an app against other similar apps known to be legitimate. The scanner looked at 1.2 million apps hosted on 33 app stores worldwide.

“What we can do is to simply compare the code of related apps (an app and its repackaged versions, or those repackaged from the same app) to check their different part, and unrelated apps (those of different origins, signed by different parties) to inspect their common part to identify suspicious code segments (at the method level),” the researchers said.

“These segments, once found to be inexplicable (eg, not common libraries), are almost certain to be malicious,” they added.
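The comparison the researchers describe above, in toy form, as an added example that is not code from the MassVet paper or from this article; the apps, signers, method fingerprints, library whitelist and the Jaccard similarity threshold are all constructed assumptions.

```python
from itertools import combinations

# Constructed sample data: each app is a set of method fingerprints plus its signer.
# Real MassVet works on method-level features of the DEX code; short strings stand in here.
KNOWN_LIBRARY_METHODS = {"lib.ads.show", "lib.json.parse"}  # assumed whitelist of common libraries

APPS = {
    "game.orig":    {"signer": "devA", "methods": {"game.start", "game.render", "lib.ads.show"}},
    "game.repack":  {"signer": "devX", "methods": {"game.start", "game.render", "lib.ads.show",
                                                   "net.sendsms", "sys.hide"}},
    "notes.orig":   {"signer": "devB", "methods": {"notes.save", "lib.json.parse"}},
    "notes.repack": {"signer": "devY", "methods": {"notes.save", "lib.json.parse",
                                                   "net.sendsms", "sys.hide"}},
}

def related(a, b, threshold=0.5):
    """Treat two apps as related (one repackaged from the other) when their
    method sets overlap heavily; the Jaccard threshold is an assumption."""
    ma, mb = APPS[a]["methods"], APPS[b]["methods"]
    return len(ma & mb) / len(ma | mb) >= threshold

def diff_view(a, b):
    """Related apps: the part that differs is where injected code would sit.
    Caveat: a legitimate update by the same developer also shows up here."""
    return APPS[a]["methods"] ^ APPS[b]["methods"]

def common_view(a, b):
    """Unrelated apps from different signers: shared non-library code is suspect."""
    return APPS[a]["methods"] & APPS[b]["methods"]

def suspicious_methods():
    """Return {method: set of apps containing it} for segments that survive
    both views and are not on the common-library whitelist."""
    flagged = {}
    for a, b in combinations(APPS, 2):
        if related(a, b):
            segment = diff_view(a, b)
        elif APPS[a]["signer"] != APPS[b]["signer"]:
            segment = common_view(a, b)
        else:
            continue  # same signer, unrelated code: nothing to compare
        for method in segment - KNOWN_LIBRARY_METHODS:
            carriers = {x for x in (a, b) if method in APPS[x]["methods"]}
            flagged.setdefault(method, set()).update(carriers)
    return flagged
```

Running `suspicious_methods()` on the sample flags the two methods shared only by the repackaged copies, while the game and notes code and the whitelisted libraries are left alone.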

The scientists said their MassVet approach can scan apps in less than 10 seconds and also "outperformed all 54 scanners in VirusTotal in terms of detection coverage," discovering 34,026 new malicious apps that most other scanners missed.

The scanner also uncovered numerous examples of alleged malware showing up on Google's Play Store. It claimed that 30,552 of 401,549 apps studied were malicious. Some 400 malicious apps had been downloaded over a million times. This contradicts recent numbers from Google itself in its Android Security Report, which claimed only 0.1 percent of apps contained malware.

The worst offenders for malware were in China with four marketplaces having more than one-in-five apps harbouring malware.

TK Keanini, CTO at Lancope, said that if the methods deployed by the researchers were used by the app marketplaces, this would “force the malware authors to innovate other methods of delivery”.

“The cost of detection has been lowered significantly, and the cost of evasion raised for the threat actor. The problem never goes away, it just moves around as attackers and defenders are in a constant co-evolutionary spiral,” he said.

Gavin Millard, technical director for EMEA at Tenable Network Security, told SC that one of the most concerning findings from the research is the 30,000 malicious apps that were found on the Google Play store.

“If accurate, this is a concerning amount of questionable code that's made it through the vetting process. With malware authors churning out malicious code targeting our tablets and phones at an ever increasing rate, the time and accuracy to vet apps needs to improve to protect the personal data stored,” he said.

Ken Munro of Pen Test Partners told SC that the statistics in the report are “fascinating” and it was a “clever way to quickly pick up nasties in Android app stores”.

“It was no surprise to find that many third-party app stores have higher rates of malicious apps. Identifying around 20 potential zero-day issues was also a significant achievement,” he said.

“The various app stores would be well advised to incorporate this technique into their existing review processes,” said Munro. “However, it doesn't really work on ‘fresh’ apps written for malicious purposes. App stores need to be vigilant though, as malicious app writers are likely to change techniques in light of MassVet.”
